Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/34a8781f-2036-49a8-8d81-23a2c005cd4b.roa
File:                     34a8781f-2036-49a8-8d81-23a2c005cd4b.roa (raw, json)
Hash identifier:          Saa9QeHJ+b6/9fwiHyHKBKc8NcGcaz6HFXgd1oxcBzE=
Subject key identifier:   D7:B5:B5:A2:75:88:19:50:C7:A9:C1:94:27:85:C5:0F:BB:D2:09:A1
Certificate issuer:       /CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
Certificate serial:       73FB7DC67ECE06CAD51E7842EA61085A1AA46162
Authority key identifier: 91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/34a8781f-2036-49a8-8d81-23a2c005cd4b.roa
Signing time:             Sat 18 Feb 2023 00:00:00 +0000
ROA not before:           Sat 18 Feb 2023 00:00:00 +0000
ROA not after:            Tue 21 Feb 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            73:fb:7d:c6:7e:ce:06:ca:d5:1e:78:42:ea:61:08:5a:1a:a4:61:62
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611
        Validity
            Not Before: Feb 18 00:00:00 2023 GMT
            Not After : Feb 21 23:59:59 2023 GMT
        Subject: serialNumber=ed3b5c081edf805b77dc36677ac6c5362e72dc2739deaed8b047536f26e266bc, CN=6ae4e567-6348-4c4f-98a8-0422c4c52ff3, OU=Amazon RPKI, O=Amazon.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:26:da:29:b5:bb:0c:0c:3b:17:80:66:e9:d5:
                    c5:57:15:e2:f9:63:cf:45:c9:b4:0d:e0:64:9c:46:
                    20:45:bb:c6:99:d2:a5:51:17:64:31:a2:9f:6a:d3:
                    9f:2e:2c:7a:32:58:b0:6e:29:3d:80:7f:70:fc:f0:
                    39:41:32:fe:64:fd:39:44:75:63:28:31:06:d3:3a:
                    4d:44:b4:a2:49:b0:49:3e:ec:04:df:54:8d:40:18:
                    92:b0:8b:1c:91:33:f0:96:a7:e6:78:97:fc:a2:82:
                    58:9a:f5:92:de:ab:3f:5b:73:36:35:26:b6:43:a0:
                    62:03:5e:c6:fc:60:c5:7b:ad:07:1b:8f:05:0b:ff:
                    ae:bc:ae:9e:d6:c9:e7:44:b8:32:cc:72:94:0c:db:
                    6e:92:5f:31:1a:89:8b:63:ce:0d:9a:4f:f1:7d:b4:
                    25:ed:66:8e:24:3b:f2:8c:35:0c:cc:15:b3:03:31:
                    06:b2:d4:32:fd:43:fa:68:48:e8:2a:2a:30:0e:d0:
                    67:9b:a9:31:47:bc:dc:d6:36:85:63:a0:cf:7e:bf:
                    25:51:6f:05:d3:ac:3d:84:29:ff:92:1e:f1:1d:4e:
                    60:f7:3f:8a:56:98:bf:ae:46:79:82:d1:6b:23:88:
                    18:e7:f6:48:40:89:52:d2:be:26:2d:ef:bb:4a:9d:
                    1a:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D7:B5:B5:A2:75:88:19:50:C7:A9:C1:94:27:85:C5:0F:BB:D2:09:A1
            X509v3 Authority Key Identifier:
                keyid:91:44:ED:C7:A4:0E:E9:90:B7:FA:36:6F:F6:E1:7D:79:AD:C4:83:97

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/73f21c2b-8823-4c24-b25b-43c80cb6d1bb/278aab878f2831bb1823b58794b092d86fb1d7a0f74e281611.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/34a8781f-2036-49a8-8d81-23a2c005cd4b.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/b68a32ee-455d-483a-943d-1a5be748bfea/4bb8ae5c-124c-42f3-87fb-4f34e74e3da2.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c7:70:f7:21:aa:e1:35:ca:ff:a9:44:a5:25:ed:07:82:39:8c:
         0b:68:6c:8a:85:94:a3:f4:b1:a8:8e:da:25:97:23:76:19:45:
         9e:8b:8a:aa:76:16:e3:51:46:01:25:c0:01:25:37:4f:b9:71:
         63:82:f0:c0:d6:61:a7:67:66:a7:cb:75:f8:1e:a8:a1:3f:2b:
         c9:9f:4f:81:ae:78:f5:79:9c:5b:18:3e:b8:9c:7f:c4:de:9a:
         b6:b0:03:6e:c1:27:fb:d1:a9:2e:7b:01:a3:7b:e9:4a:b2:42:
         e0:31:75:bc:04:19:f3:c6:fb:c4:5c:e0:47:9e:4e:38:19:d8:
         fd:1a:41:ca:63:1a:98:3e:ce:62:0a:c4:2f:77:27:00:ec:a8:
         b4:26:5b:a5:ad:d7:07:0b:06:bf:31:1c:4e:6d:3d:5b:df:c3:
         1e:45:9a:f8:9c:32:e0:19:4d:e5:08:f8:44:b0:82:4d:d5:0b:
         67:3e:fe:dd:c6:0f:6b:0b:25:b1:6f:86:6a:e2:ae:2a:74:1b:
         fa:e2:9d:df:a6:c6:f8:bd:76:9e:df:22:a7:55:34:37:f9:20:
         3e:33:51:4f:10:b9:23:36:6b:a6:bb:cd:28:1b:50:b7:ab:ec:
         8f:f8:dd:65:aa:90:8b:50:9f:6a:d5:df:21:38:c0:12:28:cc:
         d8:46:93:4a
-----BEGIN CERTIFICATE-----
MIIGMTCCBRmgAwIBAgIUc/t9xn7OBsrVHnhC6mEIWhqkYWIwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI4MzFiYjE4MjNiNTg3OTRiMDkyZDg2
ZmIxZDdhMGY3NGUyODE2MTEwHhcNMjMwMjE4MDAwMDAwWhcNMjMwMjIxMjM1OTU5
WjCBpTFJMEcGA1UEBRNAZWQzYjVjMDgxZWRmODA1Yjc3ZGMzNjY3N2FjNmM1MzYy
ZTcyZGMyNzM5ZGVhZWQ4YjA0NzUzNmYyNmUyNjZiYzEtMCsGA1UEAxMkNmFlNGU1
NjctNjM0OC00YzRmLTk4YTgtMDQyMmM0YzUyZmYzMRQwEgYDVQQLEwtBbWF6b24g
UlBLSTETMBEGA1UEChMKQW1hem9uLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP
ADCCAQoCggEBALgm2im1uwwMOxeAZunVxVcV4vljz0XJtA3gZJxGIEW7xpnSpVEX
ZDGin2rTny4sejJYsG4pPYB/cPzwOUEy/mT9OUR1YygxBtM6TUS0okmwST7sBN9U
jUAYkrCLHJEz8Jan5niX/KKCWJr1kt6rP1tzNjUmtkOgYgNexvxgxXutBxuPBQv/
rryuntbJ50S4MsxylAzbbpJfMRqJi2PODZpP8X20Je1mjiQ78ow1DMwVswMxBrLU
Mv1D+mhI6CoqMA7QZ5upMUe83NY2hWOgz36/JVFvBdOsPYQp/5Ie8R1OYPc/ilaY
v65GeYLRayOIGOf2SECJUtK+Ji3vu0qdGg0CAwEAAaOCAr4wggK6MB0GA1UdDgQW
BBTXtbWidYgZUMepwZQnhcUPu9IJoTAfBgNVHSMEGDAWgBSRRO3HpA7pkLf6Nm/2
4X15rcSDlzAOBgNVHQ8BAf8EBAMCB4AwgfMGCCsGAQUFBwEBBIHmMIHjMIHgBggr
BgEFBQcwAoaB03JzeW5jOi8vcnBraS5hcmluLm5ldC9yZXBvc2l0b3J5L2FyaW4t
cnBraS10YS81ZTRhMjNlYS1lODBhLTQwM2UtYjA4Yy0yMTcxZGEyMTU3ZDMvMDM1
NzI3MmMtYTc5YS00NWJmLTk1ODYtOTJkZDQ5ZWYzMjIzLzczZjIxYzJiLTg4MjMt
NGMyNC1iMjViLTQzYzgwY2I2ZDFiYi8yNzhhYWI4NzhmMjgzMWJiMTgyM2I1ODc5
NGIwOTJkODZmYjFkN2EwZjc0ZTI4MTYxMS5jZXIwgZ4GCCsGAQUFBwELBIGRMIGO
MIGLBggrBgEFBQcwC4Z/cnN5bmM6Ly9ycGtpLXJzeW5jLnVzLWVhc3QtMi5hbWF6
b25hd3MuY29tL3ZvbHVtZS9iNjhhMzJlZS00NTVkLTQ4M2EtOTQzZC0xYTViZTc0
OGJmZWEvMzRhODc4MWYtMjAzNi00OWE4LThkODEtMjNhMmMwMDVjZDRiLnJvYTCB
lQYDVR0fBIGNMIGKMIGHoIGEoIGBhn9yc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lL2I2OGEzMmVlLTQ1NWQtNDgzYS05NDNk
LTFhNWJlNzQ4YmZlYS80YmI4YWU1Yy0xMjRjLTQyZjMtODdmYi00ZjM0ZTc0ZTNk
YTIuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAMdw9yGq4TXK/6lE
pSXtB4I5jAtobIqFlKP0saiO2iWXI3YZRZ6Liqp2FuNRRgElwAElN0+5cWOC8MDW
YadnZqfLdfgeqKE/K8mfT4GuePV5nFsYPricf8TemrawA27BJ/vRqS57AaN76Uqy
QuAxdbwEGfPG+8Rc4EeeTjgZ2P0aQcpjGpg+zmIKxC93JwDsqLQmW6Wt1wcLBr8x
HE5tPVvfwx5FmvicMuAZTeUI+ESwgk3VC2c+/t3GD2sLJbFvhmririp0G/rind+m
xvi9dp7fIqdVNDf5ID4zUU8QuSM2a6a7zSgbULer7I/43WWqkItQn2rV3yE4wBIo
zNhGk0o=
-----END CERTIFICATE-----